Forgot your password?
typodupeerror
The Courts United States IT

The Fourth Amendment and the Cloud 174

Posted by kdawson
from the reasonable-expectation dept.
CNET has up a blog post examining the question: does the Fourth Amendment apply to data stored in the Cloud? The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world, but its application to electronic communications and computing lags behind. The post's argument outlines a law review article (PDF) from a University of Minnesota law student, David A. Couillard. "Hypothetically, if a briefcase is locked with a combination lock, the government could attempt to guess the combination until the briefcase unlocked; but because the briefcase is opaque, there is still a reasonable expectation of privacy in the unlocked container. In the context of virtual containers in the cloud...encryption is not simply a virtual lock and key; it is virtual opacity. ... [T]he service provider has a copy of the keys to a user's cloud 'storage unit,' much like a landlord or storage locker owner has keys to a tenant's space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space. The same rationale should apply to the cloud." We might wish that the courts interpreted Fourth Amendment rights in this way, but so far they have not.
This discussion has been archived. No new comments can be posted.

The Fourth Amendment and the Cloud

Comments Filter:
  • by naz404 (1282810) on Tuesday January 19, 2010 @09:13AM (#30818300) Homepage
    Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.
  • by FinchWorld (845331) on Tuesday January 19, 2010 @09:16AM (#30818316) Homepage
    The US is getting to the point were one should just ask "Does the Fourth Amendment apply anywhere now?".
  • It's very simple (Score:5, Insightful)

    by Shrike82 (1471633) on Tuesday January 19, 2010 @09:16AM (#30818320)

    If you want your data to be safe,especially when you plan to store it online in this new-fangled cloud thing, then encrypt it. You can't trust a service provider to stand up to a government access order, and you can't rely on the security of a storage system that you didn't make yourself.

    Be responsible for your own data privacy instead of relying on an ambiguous interpretation of an ammendment written before the days of digital data.

  • by Anonymous Coward on Tuesday January 19, 2010 @09:17AM (#30818324)

    Seriously. Can we just save everybody the trouble and travel 5 years into the future when this whole cloud FAD runs its course? Maybe by then all the hype surrounding Twitter and Facebook will have died down a bit. And hopefully use of the word "blogosphere" will be punishable by death.

  • by Calinous (985536) on Tuesday January 19, 2010 @09:17AM (#30818332)

    When you are a foreign citizen, searching laptops, personal electronic devices and so on is just a prerequisite for entering the country (if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop).
          I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)

    Remember that searching personal effects is rarely done, but entirely normal in border posts

  • Hosting countries (Score:5, Insightful)

    by Anonymous Coward on Tuesday January 19, 2010 @09:19AM (#30818338)

    And if the data center is in another country, would the 4th Amendment apply there?

    If so, how would you enforce it? Soldiers with machine guns show up, grab all of your data, crack the encryption, and take what they want. And you'll do exactly what?

    The data is gone and seen, so you're screwed. And even if you have super duper one hundred billion bit encryption, your data center and data are gone. So, you have up to the second back-ups?

    Other than cost, I see no upside to cloud computing.

  • by Tim C (15259) on Tuesday January 19, 2010 @09:23AM (#30818352)

    if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop

    Need? Want I can see, and I appreciate that submitting to the search is a condition of being granted entry, but I really don't see where the need comes from.

    I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)

    So they can't refuse you entry; surely (assuming the law permits it) they can have you arrested and possibly charged for failing to comply?

  • by Ellis D. Tripp (755736) on Tuesday January 19, 2010 @09:28AM (#30818382) Homepage

    at the point when urine drug testing was mandated by the government for any company receiving government contracts. You know back in the days of Ronnie Raygun and the "Just Say No" crusades?

    If you aren't secure against government searches OF YOUR OWN BODILY FLUIDS, do you really think that they will respect your right of privacy regarding some random 1s and 0s stored on a private corporation's computers somewhere?

  • by Attila Dimedici (1036002) on Tuesday January 19, 2010 @09:28AM (#30818384)

    Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.

    The logic has never applied when entering U.S. borders (or any other country for that matter). Searches that would be disallowed within the country have been ruled by the Supreme Court as allowed since the founding of the country. The people who wrote the Fourth Amendment did not question such border searches, which makes it hard to argue today that the Fourth Amendment was intended to apply.

  • by L4t3r4lu5 (1216702) on Tuesday January 19, 2010 @09:38AM (#30818434)
    They don't need to search my laptop at all. No picture, document, executable, or video on my laptop is a risk to the aircraft or any person on that aircraft.

    The legality of the contents of the laptop can be contested if I am arrested within the US and the laptop seized as evidence. Until that point, that laptop is a sealed envelope; X-ray and perform a cursory physical examination all you like to ensure that it is a laptop computer, but like the documents inside the envelope, the content of the disk is not subject to being examined or duplicated.
  • by khallow (566160) on Tuesday January 19, 2010 @09:45AM (#30818480)

    Like cracking the encryption will take long.

    Using good encryption means the task is virtually impossible (even for someone like the NSA) unless they make a lucky guess or obtain the code key (via theft or subpoena).

  • by Alarindris (1253418) on Tuesday January 19, 2010 @09:50AM (#30818524)

    The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world

    Electrons in computers ARE part of the physical world.
    Stop conceding that is it different!

    IT'S NOT!

  • by MrNaz (730548) * on Tuesday January 19, 2010 @09:50AM (#30818528) Homepage

    I see your point and raise you a generalization; The US is getting to the point where one should just ask "do any of the amendments apply now?".

  • Dumb idea anyhow. (Score:5, Insightful)

    by lancejjj (924211) on Tuesday January 19, 2010 @09:52AM (#30818540) Homepage

    [T]he service provider has a copy of the keys to a user's cloud 'storage unit'

    Why the hell would I want to give a copy of the keys to the service provider?

    Just because you use the cloud to store bits of data doesn't mean that you'd want to store unencrypted bits of data there. Those that do risk distribution of your unencrypted data via a multitude of channels, including but certainly not limited to:

    • Cloud configuration errors
    • Service Policy changes
    • Service Security failures
    • Data theft by administrators
    • Service scanning and reselling of your data

    Why would anyone hand the keys to all their important data to a 3rd party that they don't personally know? Just because they're under a contract with that 3rd party? A contract drawn up exclusively by that 3rd party? With clauses designed to exclusively to protect that 3rd party?

  • Uh not so fast. (Score:2, Insightful)

    by Geofferic (1091731) on Tuesday January 19, 2010 @09:54AM (#30818562)
    This post starts with a false statement. 4th amendment rights are not well settled. They've been challenged and altered repeatedly within the last decade.
  • by jimicus (737525) on Tuesday January 19, 2010 @10:04AM (#30818636)
  • Only in america (Score:3, Insightful)

    by petes_PoV (912422) on Tuesday January 19, 2010 @10:08AM (#30818674)
    US freedoms, protections and liberties only apply within US borders. If you put your data in "the cloud" is there any guarantee that your data will stay with US borders, or is it free to float (as clouds do) to any other geographic location.

    Specifically, would it be wise to assume that all, or any, backups will only be taken in america, or that the data won't get routed to or through another country.?

    It's a big world out there and the USA is only a small part of it.

  • by Yvanhoe (564877) on Tuesday January 19, 2010 @10:19AM (#30818784) Journal
    A bit offtopic but I think it is important for lawmakers : stop doing analogies. Cryptography does not work like a lock or like an opaque case, owning cryptographic keys does not make you the landlord of anything. Cryptography works by taking a clear message and a key and mix them in a way that produces a seemingly random information but that can be made sense of thanks to the decoding key and the decoding algorithm. It is not that hard to understand. It requires 30 secondes of focus to understand and twenty minutes of thinking about and around, and you have understood the basis of crypto.

    Dear lawmakers, please make laws about cryptography, not about analogies of cryptography if you don't want me to just be an analogy of a law abiding citizen.

    Thanks.
  • by Anonymous Coward on Tuesday January 19, 2010 @10:22AM (#30818804)

    More to the point, as a Canadian I have to know that my data will NOT be stored in the states because of the weird (Mostly PATRIOT) laws there that make a mockery of any security provisions we might want.

  • by Animaether (411575) on Tuesday January 19, 2010 @12:42PM (#30820610) Journal

    if you don't want your laptops to be searched, /you are free to leave/, but if you want to enter we need to search your laptop

    (emphasis mine)
    You don't honestly think that, do you?

    I think you meant "you are free not to come here in the first place".

  • by 31415926535897 (702314) on Tuesday January 19, 2010 @01:55PM (#30821662) Journal

    Yes, the one where the federal government gets to levy individual income tax.

After an instrument has been assembled, extra components will be found on the bench.

Working...